[57] ABSTRACT

A method and a system for managing a data object so as to 
comply with predetermined conditions for usage of the data 
object. To control the usage of the data object, a set of 
control data, defining uses of the data object, which comply 
with the predetermined conditions, is created for the data 
object. The data object is concatenated with the user set of 
control data, encrypted and transferred to the user. When the
user wants to use the data object, a special user program 
checks whether the usage complies with the control data. If 
so, the usage is enabled. Otherwise it is disabled. 

29 Claims, 15 Drawing Sheets 
METHOD AND SYSTEM FOR MANAGING A
DATA OBJECT SO AS TO COMPLY WITH 
PREDETERMINED CONDITIONS FOR 
USAGE 

TECHNICAL FIELD 

The present invention relates to data processing and more
particularly to a method and a system for managing data 
objects so as to comply with predetermined conditions for 
usage. 

BACKGROUND 

Much has been written recently regarding the puzzle of 
universal connectivity. A typical vision of the data highway 
has long distance high speed data carriers interconnecting
regional networks which provide telecommunications ser- 
vices and a wide range of interactive on-line services to 
consumers. Many of the pieces are already in place, others 
are in development or testing. In fact, even though the data
highway is under construction it is currently open to limited 
traffic. On-line services are springing up daily and video on 
demand services are currently being tested. 

The potential to benefit society is immense. The scope of
information available to consumers will become truly global
as the traditional barriers to entry for distribution of, and 
access to, information are lowered dramatically. This means 
that more diverse and specialized information will be made 
available just as conveniently as generic sources from major 
vendors used to be. The end result is that organizations and
individuals will be empowered in ways heretofore only 
imagined. 

However, a fully functioning data highway will only be as 
valuable as the actual services which it provides. Services 
envisioned for the data highway that involve the delivery of 
data objects (e.g. books, films, video, news, music, software, 
games, etc.) will be and are currently limited by the availability
of such objects. Library and educational services are
similarly affected. Before owners will allow their data 
objects to be offered they must be assured of royalty 
payments and protection from piracy. 

Encryption is a key component of any solution to provide 
copy protection. But encryption alone is not enough. During 
transmission and storage the data objects will be protected 
by encryption, but as soon as anyone is given the key to 
decipher the content he will have unlimited control over it. 
Since the digital domain permits data objects to be repro- 
duced in unlimited quantities with no loss of quality, each 
object will need to be protected from unlimited use and
unauthorized reproduction and resale. 

The protection problem must not be solved by a separate 
solution for each particular data format, because then the 
progress will indeed be slow. It is important to consider the 
effect of standardization on an industry. Consider how the
VHS, the CD and the DAT formats, and the IBM PC
compatibility standards have encouraged growth in their
respective industries. However, if there is to be any type of
standardization, the standard must provide universal adaptability
to the needs of both data providers and data users.

The data object owner may want to have permanent 
secure control over how, when, where, and by whom his 
property is used. Furthermore, he may want to define
different rules of engagement for different types of users and
different types of security depending on the value of particular
objects. The rules defined by him shall govern the
automated operations enabled by data services and networking.
The owner may also want to sell composite objects with
different rules governing each constituent object. Thus, it is 
necessary to be able to implement variable and extensible 
control. 

The user on his part wants to be able to search for and
purchase data objects in a convenient manner. If desired, the 
user should be able to combine or edit purchased objects (i.e. 
for creating a presentation). Furthermore, the user may want 
to protect his children from inappropriate material. A com- 
plete solution must enable these needs as well. 

What is needed is a universally adaptable system and 
method for managing the exchange and usage of data objects 
while protecting the interests of data object owners and 
users. 

PRIOR ART 

A method for enforcing payment of royalties when copy- 
ing softcopy books is described in the European patent 
application EP 0 567 800. This method protects a formatted 
text stream of a structured document which includes a 
royalty payment element having a special tag. When the
formatted text stream is inputted in the user's data processor, 
the text stream is searched to identify the royalty payment 
element and a flag is stored in the memory of the data 
processor. When the user for instance requests to print the 
document, the data processor requests authorization for this 
operation from a second data processor. The second data 
processor charges the user the amount indicated in the 
royalty payment element and then transmits the authoriza- 
tion to the first data processor. 

One serious limitation of this method is that it can only be 
applied to structured documents. The description of the 
above-mentioned European patent application defines a 
structured document as: a document prepared in accordance 
with an SGML compliant type definition. In other words it 
can not be applied to documents which are not SGML 
compliant and it cannot be applied to any other types of data 
objects. 

Furthermore, this method does not provide for variable 
and extensible control. Anyone can purchase a softcopy 
book on a CD, a floppy disc or the like, and the same royalty 
amount is indicated in the royalty payment element of all 
softcopy books of the same title. 

Thus, the method described in EP 0 567 800 does not 
satisfy the above-mentioned requirements for universally 
adaptable protection of data objects. 

SUMMARY OF THE INVENTION 

Accordingly, it is a first object of the invention to provide 
a method and a data processing system for managing a data 
object in a manner that is independent of the format and the 
structure thereof, so as to comply with predetermined conditions
for usage control and royalty payment.

It is a further object of the invention to provide such a 
method and system which is universally adaptable to the 
needs of both the owner and the user of the data object. 

A further object of the invention is to provide such a 
method and system which enables a data object provider to 
distribute his data object while maintaining control of the 
usage thereof. 

Yet another object of the invention is to provide a method 
and system which allows a data object provider to select the 
level of security for his data object in a flexible way. 

Yet another object of the invention is to provide such a 
method and system which makes it possible to establish an 
audit trail for the data object. 
Yet another object is to provide such a method and system
which makes it possible to sell and buy data objects in a 
secure way. 

More particularly, a data object provider, e.g., the owner 
of a data object or his agent (broker), stores the data object 
in a memory device, e.g. a bulk storage device, where it is
accessible by means of the data provider's data processor.
The data object can consist of digital data, analog data or a 
combination or hybrid of analog and digital data. 

A general set of control data, which is based on the 
predetermined conditions for usage of the data object, is 
created and stored in the same memory device as the data 
object or another memory device where it is accessible by 
the data provider's data processor. The predetermined con- 
ditions for usage may be defined by the data object owner, 
by the broker or by anyone else. They may differ between
different data objects. 

The general set of control data comprises at least one or 
more usage control elements, which define usages of the 
data object which comply with the predetermined condi- 
tions. These usages may encompass for instance the kind of 
user, a time limit for usage, a geographical area for usage, 
allowed operations, such as making a hard copy of the data 
object or viewing it, and/or claim to royalty payment. The 
general set of control data may comprise other kinds of
control elements besides the usage control element. In a 
preferred embodiment, the general set of control data com- 
prises a security control element which defines a security 
procedure which has to be carried out before usage of the 
data object. It also comprises an identifier, which uniquely 
identifies the general set of control data. 

The general set of control data is concatenated with a copy
of the data object. Thus, the control data does not reside in 
the data object, but outside it, which makes the control data 
independent of the format of and the kind of data object and 
which allows for usage control independently of the data 
object format. 

At least the usage control element(s) and the data object 
are encrypted, so that the user is unable to use the data object 
without a user program which performs the usage control 
and which decrypts the data object. Alternatively, the whole 
set of control data and the copy of the data object may be 
encrypted. 

A user may request authorization for usage of a data
object residing at a data provider's processor via a data 
network or in any other appropriate way. The authorization 
may or may not require payment. When a request for 
authorization for usage is received, a user set of control data 
is created by the data provider's processor. The user set of
control data comprises the general set of control data or a 
subset thereof including at least one of said usage control 
elements which is relevant for the actual user. It typically 
also includes a new identifier which uniquely identifies this 
set of control data. If relevant, the user set of control data
also comprises an indication of the number of usages 
authorized. If more than one kind of usage is authorized, the 
number of each kind of usage may be specified. Finally, the 
user set of control data is concatenated with a copy of the 
data object, and at least the usage control elements and the
copy of the data object are encrypted to create a secure data 
package ready for transfer to the user. 

Before the data package is transferred to the user, it should 
be confirmed that the request for authorization for usage has 
been granted. The check is preferably carried out before the
user set of control data is created. However, it can also be 
carried out in parallel with or after the creation of the user 
control data. In the latter case, the number of usages
requested by the user is tentatively authorized and included 
in the user set, but if the request is refused the user set is 
canceled or changed.

The data package may be transferred to the user by
electronic means or stored on bulk storage media and 
transferred to the user by mail or by any suitable transpor- 
tation means. 

Once the data object has been packaged in the above-described
manner, it can only be accessed by a user program
which has built-in usage control and means for decrypting
the data package. The user program will only permit usages
defined as acceptable in the control data. Moreover, if the
control data comprises a security control element, the security
procedure prescribed therein has to be complied with. In
one embodiment, the usage control may be performed as
follows. If the user decides to use a data object, the user
program checks the control data to see if this action is
authorized. More particularly, it checks that the number of
authorized usages of this kind is one or more. If so, the
action is enabled and the number of authorized usages
decremented by one. Otherwise, the action is interrupted by
the user program and the user may or may not be given the
opportunity to purchase the right to complete the action.

After the usage, the user program repackages the data
object in the same manner as it was packaged before.

When a data object is redistributed by a user or a broker, 
new control elements are added in the control data to reflect 
the relation between the old user/broker and the new user/
broker. In this way, an audit trail for the data object may be 
created. 

According to another aspect of the invention at least two 
data packages are stored on a user's data processor, which
examines the usage control elements of the data packages in
order to find a match. If a match is found, the user's data 
processor carries out an action which is specified in the user 
set of control data. This method can be used for selling and 
buying data objects. 

BRIEF DESCRIPTION OF DRAWINGS 

FIG. 1 is a flow diagram showing the general data flow 
according to the invention. 

FIG. 2 is a system block diagram of a data object 
provider's data processor. 

FIG. 3 is a block diagram showing the different modules 
of a data packaging program according to the invention. 
FIG. 4 is a data flow diagram of a data packaging process. 
FIG. 5 is an example of a header file. 
FIG. 6 is an example of a usage data file. 
FIG. 7 is a data flow diagram of loading an object to the 
data object provider's data processor. 

FIGS. 8a and 8b are examples of control data for a data
object on the data object provider's data processor and for an 
object ready to be transferred to a user, respectively. 

FIG. 9 is a data flow diagram of data packaging on the 
data object provider's data processor. 

FIG. 10 is a flow diagram of a data packaging procedure. 
FIG. 11 is a memory image of a data object and its control 
data. 

FIG. 12a is a memory image of the concatenated control 
data and data object. 

FIG. 12b is a memory image of the concatenated and 
encrypted control data and data object. 

FIG. 13 is a system block diagram of a user's data 
processor. 
FIG. 14 is a block diagram showing the different modules
of a user program according to the invention. 

FIG. 15 is a flow diagram of using a data object on the 
user's data processor. 

FIG. 16 is a flow diagram of how the user program 
operates in a specific application example. 

FIG. 17 is an example of various data package structures
for composite objects. 

DESCRIPTION OF THE BEST MODE FOR 
CARRYING OUT INVENTION 



General Overview 

FIG. 1 is a flow diagram showing the general data flow 
according to the invention. The flow diagram is divided into 
a data object provider part 1 and a user part 2. 

In the data object provider part 1, a data object 24 is 
created by an author. The data object can consist of digital 
data, analog data or a combination or hybrid of analog and 
digital data. The primary difference between analog data 
objects and digital data objects is the means for storage, 
transfer and usage. 

The author also determines the conditions 42 for the usage 
of the data object 24 by a user. The data object 24 and the 
usage conditions 42 are input to a data packaging program 
19, which creates a secure data package 40 of the data object 
and of control data which are based on the input usage 
conditions 42. Once packaged in this way, the data object 
can only be accessed by a user program 35. 

The data object may be packaged together with a general
set of control data, which is the same for all users of the data 
object. This may be the case when the data object is sent to 
a retailer or a bulletin board, wherefrom a user may obtain 
it. The data object may also be packaged as a consequence 
of a request from a user for usage of the data object. In that 
case, the package may include control data which is spe- 
cifically adapted to that user. This control data is called a 
user set of control data. It may for example comprise the 
number of usages purchased by the user. Typically, the user 
set of control data will be created on the basis of the general
set of control data and include at least a subset thereof. A 
user set of control data need not always be adapted for a 
specific user. All sets of control data which are created on the 
basis of a general set of control data will be called a user set
of control data. Thus, a set of control data can be a general 
set in one phase and a user set in another phase.

The above-mentioned data packaging can be carried out 
by the author himself by means of the data packaging 
program 19. As an alternative, the author may send his data 
object to a broker, who inputs the data object and the usage
conditions determined by the author to the data packaging
program 19 in order to create a secure package 3. The author
may also sell his data object to the broker. In that case, the
broker probably wants to apply his own usage conditions to
the data packaging program. The author may also provide
the data object in a secure package to the broker, who
repackages the data object and adds further control data
which is relevant to his business activities. Various combinations
of the above alternatives are also conceivable.

In the user part 2 of the flow diagram, the secure package 
40 is received by a user, who must use the user program 35 
in order to unpackage the secure package 40 and obtain the
data object in a final form 80 for usage. After usage, the data
object is repackaged into the secure package 40.

The different parts of the system and the different steps of
the method according to the invention will now be described 
in more detail. 



The Data Provider's Data Processor: 

FIG. 2 is a system block diagram of a data object
provider's data processor. As mentioned above, the data
object provider may be an author of a data object, an owner
of a data object, a broker of a data object or anyone else who
wants to distribute a data object, while retaining the control
of its usage. The data processor is a general or special
purpose processor, preferably with network capabilities. It
comprises a CPU 10, a memory 11 and a network adapter 12,
which are interconnected by a bus 13. As shown in FIG. 2,
other conventional means, such as a display 14, a keyboard
15, a printer 16, a bulk storage device 17, and a ROM 18,
may also be connected to the bus 13. The memory 11 stores
network and telecommunications programs 21 and an operating
system (OS) 23. All the above-mentioned elements are
well-known to the skilled person and commercially available.
For the purpose of the present invention, the memory
11 also stores a data packaging program 19 and, preferably,
a database 20 intended for control data. Depending upon the
current operation, one or more data objects 24 can be stored
in the memory 11 as shown or in the bulk storage 17. The
data provider's data processor is considered secure.

The Data Packaging Program:

The data packaging program 19 is used for creating 
control data for controlling the usage of a data object and for
packaging the data object and the control data into a secure 
package. 

As shown in FIG. 3, it comprises a program control
module 301, a user interface module 302, a packaging
module 303, a control data creation module 304, an encryption
module 305, one or more format modules 306, and one
or more security modules 307.

The control module 301 controls the execution of the
other modules. The user interface module 302 handles
interaction with the data object provider. The packaging
module 303 packages the control data and the data object. It
uses the control data creation module 304, the format
modules 306, the security modules 307 and the encryption
module 305 as will be described more in detail below.

The format modules 306 comprise program code, which
is required to handle the data objects in their native format.
They can fulfill functions such as data compression and data
conversion. They can be implemented by any appropriate,
commercially available program, such as by means of a
routine from the PKWARE Inc. Data Compression Library
for Windows and the Image Alchemy package from Handmade
Software Incorporated, respectively. They can also be
implemented by custom designed programs.

The security modules 307 comprise program code 
required to implement security, such as more sophisticated
encryption than what is provided by the encryption module 
305, authorization algorithms, access control and usage 
control, above and beyond the basic security inherent in the 
data package. 

The data packaging program 19 can contain many different
types of both format and security modules. The program
control module 301 applies the format and security modules
which are requested by the data provider.

The encryption module 305 may be any appropriate, 
commercially available module, such as "FileCrypt" Visual 
Basic subprogram found in Crescent Software's QuickPak 
Professional for Windows — FILECRPT.BAS, or a custom 
designed encryption program. 

The control data creation module 304 creates the control
data for controlling the usage of the data object. An example 
of a control data structure will be described more in detail 
below. 
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The Control Data: entered in the form of predetermined codes, is then passed 

The control data can be stored in a header file and a usage to the control module 301, which calls the packaging module 

data file. In a preferred embodiment, the header file com- 303 and passes the information to it. 

prises fields to store an object identifier, which uniquely The packaging module 303 calls the control data creation 

identifies the control data and/or its associated data object, 5 module 304, which first creates a header file, then creates 

a title, a format code, and a security code. The format code header data on the basis of the header information entered by 

may represent the formal or position of fields in the usage the data object provider and finally stores the header data, 

data file. Alternatively, the formal code may designate one or step 404-405. Then a usage data file is created, usage data 

more format modules to be used by the data packaging created on the basis of the usage information entered bv the 

program or the user program. The security code may rep- io data provider, and finally the usage data is stored in the 

resent the encryption method used by the encryption module usage data file, step 406-407. 

305 or any security module to be used by the data packaging The packaging module 303 then applies any formal and 

program and the user program. The header file fields will be security modules 306, 307 specified in the header file, steps 

referred to as header elements. 408-413, to the data object. 

The usage data file comprises at least one field for storing is Next, the packaging module 303 concatenates the usaee 

data which controls usage of the data object. One or more data file and the data object and stores the result as a 

usage data fields which represent one condition for the usage temporary file, step 414. The packaging module 303 calls the 

of the data object will be referred to as a usage element. Id encryption module 305, which encrypts the temporary file, 

a preferred embodiment, each usage element is defined by an step 415. The level of security will depend somewhat on the 
identifier field, e.g. a serial number, a size field, which 20 quality of the encryption and key methods used, 

specifies the size of the usage element in bytes or in any Finally, the packaging module 303 concatenates the 

olber appropriate way, and a data field. header file and the encrypted temporary file and saves the 

The header elements and the usage elements are control result as a single file, step 416. This final file is the data 

elements which control all operations relating to the usage of package which may now be distributed by file transfer over 
the object. The number of control elements is unlimited. The 25 a network, or on storage media such as CDROM or diskette, 

data provider may define any number of control elements to or by some other means, 

represent his predetermined conditions of usage of the data FXAMPI P 
object. The only restriction is that the data packaging 

program 19 and the user program 35 must have compatible ^ exam P le of bow the data packaging program 19 can be 
program code to handle all the control elements. This 30 used will now be described with reference to FIGS. 5 and 6. 

program code resides in the packaging module and the usage ln tnis example the data object provider is a computer 

manager module, to be described below. graphics artist, who wants to distribute an image that can be 

Control elements can contain data, script or program code used as cli P art > Dul onlv in a document or file which is 

which is executed by the user program 35 to control usage packaged according to the method of the invention and 
of the related data object. Script and program code can 35 wmcn nas usage conditions which do not permil further 

contain conditional statements and the like which are pro- cutting or pasting. The artist wants to provide a free preview 

cessed with the relevant object and system parameters on the of tDe ima g e , but also wants to be paid on a per use basis 

user's data processor. It would also be possible to use a unless the user is willing to pay a rather substantial fee for 

control element to specify a specific proprietary user pro- unlimited use. The artist will handle payment and usage 
gram which can only be obtained from a particular broker. 40 authorization on a dial-up line to his data processor. 

It is evident that the control data structure described above Th c artist uses some image creation application, such as 

is but one example. The control data structure may be Adobe's Photoshop to create his image. The artist then saves 

defined in many different ways with different control ele- the image to file in an appropriate format for distribution, 

ments. For example, the partitioning of the control data in such as the Graphical Interchange Format (GIF). The artist 
header data and usage data is not mandatory. Furthermore, 45 & cn starts his data packaging program and enters an object 

the control elements mentioned above are but examples. The identifier, a title, a formal code and a security code, which 

control data formal may be unique, e.g. different for different in this example are 41 123456789", "image", "a", and "b", 

data providers, or defined according to a standard. respectively. In this example, the formal code "a'"' indicates 

The Operation of the Data Packaging Program that no format code need be applied, and this code is selected 

The operation of a first embodiment of the data packaging 50 since the GIF format is appropriate and already compressed, 

program will now be described with reference to the block Furthermore, the security code "b" indicates that no security 

diagram of FIG. 3 and the flow diagram of FIG. 4. module need be applied and this code is selected since the 

First a data provider creates a data object and saves it to security achieved by the encryption performed by means of 

a file, step 401. When the data packaging program is started, the encryption module 305 is considered appropriate by the 
step 402, the user interface module 302 prompts the data 55 artist. 

object provider to input, step 403, the header information Then the artist enters his dial-up phone number, his price 

consisting of e.g. an object identifier, a title of the data for a single use of the image and for unlimited use of the data 

object, a formal code specifying any format module to be object, a code for usage types approved, and for number of 

used for converting the format of the data object, and a usages approved. For this purpose, the user interface module 
security code specifying any security module to be used for 60 302 may display a data entry form. 

adding further security to the dala object. Furthermore, the The data packaging program 19 creates control data on 

user interface module 302 prompts the data object provider the basis of the information entered by the artist and stores 

to input usage information, e.g. his conditions for the usage the data in the header file and in the usage data file as shown 

of the data object. The usage information may comprise the in Fl GS. 5 and 6, respectively. This data constitutes a general 
kind of user who is authorized to use the data object, the 65 set of control data which is not specifically adapted to a 

price for different usages of the object etc. The header single user, but which indicates the conditions of usage 

information and the usage information, which may be determined by the artist for all future users. 



5,845,281






Then the package program 19 concatenates the data object
and the control data in accordance with steps 414-416 of
FIG. 4 to achieve the secure package. No format module or
security module is applied to the data object, since they are
not needed according to the data in the header file.

When the secure package has been obtained, the artist 
sends it to a bulletin board, from where it can be retrieved 
by a user. 
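
The packaging steps 414-416 and the user program's usage check from the Summary (count of one or more, decrement, repackage), as an added Python sketch that is not code from the patent. Assumed here and not on the page: the byte layout of the header and usage elements, the element identifier USES_LEFT, the SHA-256 counter-mode stand-in for encryption module 305, and the HMAC tag over header and ciphertext.

```python
import hashlib
import hmac
import os
import struct

MAC_LEN = 32
USES_LEFT = 2  # assumed identifier of the "number of usages approved" element


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    # Stand-in for encryption module 305: SHA-256 in counter mode (stdlib only).
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + struct.pack(">Q", off)).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def encode_usage(elements):
    # Usage element = identifier field, size field, data field.
    return b"".join(struct.pack(">HI", ident, len(data)) + data
                    for ident, data in sorted(elements.items()))


def decode_usage(buf):
    elements, pos = {}, 0
    while pos < len(buf):
        if pos + 6 > len(buf):
            raise ValueError("truncated usage element")
        ident, size = struct.unpack_from(">HI", buf, pos)
        pos += 6
        if pos + size > len(buf):
            raise ValueError("usage element size exceeds usage data")
        elements[ident] = buf[pos:pos + size]
        pos += size
    return elements


def package(key, header_fields, usage, data_object):
    usage_bytes = encode_usage(usage)
    temp = usage_bytes + data_object                          # step 414
    nonce = os.urandom(16)
    encrypted = nonce + _xor_stream(_subkey(key, b"enc"), nonce, temp)  # step 415
    # Header stays outside the encryption; the usage-data length is carried in it
    # (assumed, in the spirit of FIG. 8a's "size of the usage elements").
    text = "\x1f".join(list(header_fields) + [str(len(usage_bytes))]).encode()
    body = struct.pack(">H", len(text)) + text + encrypted    # step 416
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()


def unpackage(key, pkg):
    body, tag = pkg[:-MAC_LEN], pkg[-MAC_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("package modified or wrong key")
    (hlen,) = struct.unpack_from(">H", body, 0)
    fields = body[2:2 + hlen].decode().split("\x1f")
    nonce, ciphertext = body[2 + hlen:18 + hlen], body[18 + hlen:]
    temp = _xor_stream(_subkey(key, b"enc"), nonce, ciphertext)
    usage_len = int(fields[-1])
    return fields[:-1], decode_usage(temp[:usage_len]), temp[usage_len:]


def use_object(key, pkg):
    """User program: enable the usage only if the authorized count is >= 1."""
    header, usage, data_object = unpackage(key, pkg)
    (left,) = struct.unpack(">I", usage.get(USES_LEFT, b"\x00" * 4))
    if left < 1:
        return None, pkg                      # action interrupted
    usage[USES_LEFT] = struct.pack(">I", left - 1)
    return data_object, package(key, header, usage, data_object)  # repackage


def demo():
    key = b"constructed demo key"              # constructed sample values below
    header = ["123456789", "image", "a", "b"]  # header values of Example 1
    usage = {1: b"view", USES_LEFT: struct.pack(">I", 2)}
    pkg = package(key, header, usage, b"GIF89a constructed image bytes")
    enabled = []
    for _ in range(3):
        data_object, pkg = use_object(key, pkg)
        enabled.append(data_object is not None)
    return enabled


if __name__ == "__main__":
    print(demo())
```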

EXAMPLE 2 

Below, another embodiment of the data packaging program
19 will be described with reference to FIGS. 7-12b. In
this example, the data object consists of a video film, which
is created by a film company and sent to a broker together
with the predetermined conditions 42 for usage of the video.
The broker loads the video 24 to the bulk storage 17 of his
data processor. Then, he uses his data packaging program 19
to create a general set of control data 50 based on the
predetermined conditions 42 for usage indicated by the film
company. Furthermore, the address to the video in the bulk
storage 17 is stored in an address table in the control
database 20 or somewhere else in the memory 11. It could
also be stored in the general set of control data 50. Finally,
the general set of control data 50 is stored in the control
database 20. It could also be stored somewhere else in the
memory 11. After these operations, which correspond to
steps 401-407 of FIG. 4, the data packaging program is
exited.

FIG. 8a shows the general set of control data for the video
according to this example. Here the control data includes an
identifier, a format code, a security code, the number of
usage elements, the size of the data object, the size of the
usage elements and two usage elements, each comprising an
identifier field, a size field and a data field. The identifier
may be a unique number in a series registered for the
particular broker. In this example, the identifier is
"123456789", the format code "0010", which, in this
example, indicates the format of an AVI video and the security
code is "0010". Furthermore, the first usage element defines
the acceptable users for the video and the second usage
element data defines the number of viewings of the video
purchased by a user. The first usage element data is 1 which,
for the purposes of this example will signify that only
education oriented users are acceptable to the film company.

cated therein. The comparison may include comparing the
user type, the usage type, the number of usages, the price etc.
If the requested usage complies with the predetermined
conditions the authorization is granted, otherwise it is
rejected.

FIG. 9 is a data flow diagram of the data packaging on the
broker's data processor, which occurs in response to a
granted request from a user for authorization for usage of the
video, e.g. a granted request for the purchase of two viewings.

In response to a granted request, the broker again applies
the data packaging program 19. The general set of control
data 50 and the data object 24 are input to the program from
the control database 20 and the bulk storage 17, respectively.
The program creates a user set of control data 60 on the basis
of the general set of control data 50 and concatenates the
user set 60 and the data object 24 to create a secure data
package 40, which may then be transferred to the user by any
suitable means. A copy of the user set of control data is
preferably stored in the broker's control database. This gives
the broker a record with which to compare subsequent use,
e.g. when a dial-up is required for usage.

FIG. 10 is a flow diagram of an exemplary procedure used 
for creating a user set of control data and for packaging the 
user set of control data and the video into a secure package. 
Here, the procedure will be described with reference to the 
general set of control data shown in FIG. Sa. 

The user set of control data 60, i.e. a set of control data 
which is adapted to the specific user of this example, is 
created in steps 1001-1003 of FIG. 11. First, the general set 
of control data 50 stored in the control database is copied to 
create new control data, step 1001. Second, a new identifier, 
here "l 23456790", which uniquely identifies the user set of 
control data, is stored in the identifier field of the new control 
data 60, step 1002. Third, tbe data field of the second usage 
element is updated with the usage purchased, i.e. in this 
example with two. since two viewings of the video were 
purchased, step 1003. 

The thus-created user set of control data, which corre- 
sponds to the general set of control data of FIG. 8a is shown 
in FIG. Sb. 

The user set of control data is stored in the control 
database 20, step 1004. Then, the video, which is stored in 
the bulk storage 17, is copied, step 1005. The copy of the 



The data field of the second usage element data is empty, 45 video is concatenated with the user set of control data, step 

since at this stage no viewings of the video has been 1006. The security code 0010 specifies that the entire data 

purchased. package 40 is to be encrypted and that tbe user program 35 

Managing Object Transfer: must contain a key which can be applied. Accordingly, the 

Tbe broker wants to transfer data objects to users and whole data package is encrypted, step 1007. Finally,' the 

enable controlled usage in return for payment of usage fees 50 encrypted data package is stored on a storage media or 



or royalties. Managing the broker-user business relationship 
and negotiating the transaction between the broker and the 
user can both be automated, and the control data structure 
can provide unlimited support to these operations. The 
payment can be handled by transmitting credit card 
information, or the user can have a debit or credit account 
with tbe broker which is password activated. Preferably, 
payment should be confirmed before the data object is 
transferred to the user. 
Data packaging: 

When a user wants to use a data object, he contacts the 
broker and requests authorization for usage of the data 
object. When the request for authorization is received in the 
broker's data processor, a data program compares the usage 
for which authorization is requested with the usage control 
elements of the control data of the data object to see if it 
complies with the predetermined conditions for usage indi- 
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passed to a network program, step 1008, for further transfer 
to the user. 

FIG. 11 is a memory image of the video 24 and the user 
control data 60. The user control data and a copy of the video 
24 are concatenated as shown in FIG. 12a. The encrypted 
data package 40 is shown in FJG. Ub. 

The procedure of FIG. 10 can be implemented by the data 
packaging program of FIG. 3. As an alternative to the 
procedure of FIG. 10, the user set of control data can be 
created as in steps 1001-1003 and saved in a header file and 
in a usage data file, whereafter steps 408-416 of the data 
packaging program of FIG. 4 can be performed to create the 
secure package. 
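
Steps 1001-1006 of the procedure of FIG. 10, written out for the control data of FIG. 8a. This Python example is added here and is not part of the patent text. The field widths, the usage element identifiers and the function names are assumptions, and the encryption of step 1007 is left out because the page names no algorithm for it.

```python
import copy
import struct

# Field widths are assumptions of this example: the page lists the fields of
# FIG. 8a but not their sizes.
HEADER = struct.Struct(">9s4s4sHII")  # identifier, format code, security code,
                                      # element count, object size, elements size
ELEMENT = struct.Struct(">HH")        # usage element identifier, data field size
ACCEPTED_USERS, VIEWINGS = 1, 2       # hypothetical usage element identifiers

GENERAL_SET = {
    "identifier": "123456789",
    "format_code": "0010",            # AVI video in the page's example
    "security_code": "0010",          # entire package is to be encrypted
    "elements": {
        ACCEPTED_USERS: b"\x01",      # 1 = education oriented users only
        VIEWINGS: b"",                # empty: no viewings purchased yet
    },
}


def make_user_set(general, new_identifier, viewings):
    """Steps 1001-1003: copy the general set, re-identify it, record the purchase."""
    user = copy.deepcopy(general)                   # step 1001
    user["identifier"] = new_identifier             # step 1002
    user["elements"][VIEWINGS] = bytes([viewings])  # step 1003
    return user


def package(control, data_object):
    """Steps 1005-1006: concatenate the control data with a copy of the object."""
    body = b"".join(ELEMENT.pack(eid, len(data)) + data
                    for eid, data in control["elements"].items())
    fixed = [control[key].encode("ascii")
             for key in ("identifier", "format_code", "security_code")]
    if [len(field) for field in fixed] != [9, 4, 4]:
        raise ValueError("identifier or code has the wrong length")
    header = HEADER.pack(*fixed, len(control["elements"]),
                         len(data_object), len(body))
    return header + body + bytes(data_object)


def unpack(blob):
    """Reverse of package(); every size field is checked against the buffer."""
    if len(blob) < HEADER.size:
        raise ValueError("package is shorter than the control data header")
    ident, fmt, sec, count, obj_size, body_size = HEADER.unpack_from(blob)
    offset, end = HEADER.size, HEADER.size + body_size
    if end + obj_size != len(blob):
        raise ValueError("size fields do not match the package length")
    elements = {}
    for _ in range(count):
        if offset + ELEMENT.size > end:
            raise ValueError("usage element header runs past the control data")
        eid, size = ELEMENT.unpack_from(blob, offset)
        offset += ELEMENT.size
        if offset + size > end:
            raise ValueError("usage element data runs past the control data")
        if eid in elements:
            raise ValueError("duplicate usage element identifier")
        elements[eid] = blob[offset:offset + size]
        offset += size
    if offset != end:
        raise ValueError("unparsed bytes after the last usage element")
    control = {"identifier": ident.decode("ascii"),
               "format_code": fmt.decode("ascii"),
               "security_code": sec.decode("ascii"),
               "elements": elements}
    return control, blob[end:]


if __name__ == "__main__":
    video = b"constructed bytes standing in for the AVI video"
    user_set = make_user_set(GENERAL_SET, "123456790", 2)
    control, data_object = unpack(package(user_set, video))
    print(control["identifier"], control["elements"][VIEWINGS], len(data_object))
```

The general set is left unchanged by `make_user_set`, so the broker can derive a fresh user set from it for each granted request.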

The above-described process for creating a user-adapted set of
control data may also be used by a user who wants to
redistribute a data object or by a broker who wants to
distribute the data object to other brokers. Obviously,
redistribution of the data object requires that redistribution
is a usage approved of in the control data of the data object.
If so, the user or the broker creates a user set of control
data by adding new control elements and possibly changing the
data fields of old control elements to reflect the relation
between the author and the current user/broker and between
[...]. In this [...]

The User's Data Processor:

The user's data processor, which is shown in FIG. 13, is a
general or special purpose processor, preferably with network
capabilities. It comprises a CPU 25, a memory 26, and a
network adapter 27, which are interconnected by a bus 28. As
shown in FIG. 13, other conventional means, such as a display
29, a keyboard 30, a printer 31, a sound system 32, a ROM 33,
and a bulk storage device 34, may also be connected to the bus
28. The memory 26 stores network and telecommunications
programs 37 and an operating system (OS) 39. All the
above-mentioned elements are well-known to the skilled person
and commercially available. For the purpose of the present
invention, the memory 26 also stores a user program 35 and,
preferably, a database 36 intended for the control data.
Depending upon the current operation, a data package 40 can be
stored in the memory 26, as shown, or in the bulk storage 34.

The User Program:

The user program 35 controls the usage of a data object in
accordance with the control data, which is included in the
data package together with the data object.

As shown in FIG. 14, the user program 35 comprises a program
control module 1401, a user interface module 1402, a usage
manager module 1403, a control data parser module 1404, a
decryption module 1405, one or more format modules 1406, one
or more security modules 1407, and a file transfer program
1409.

The control module 1401 controls the execution of the other
modules. The user interface module 1402 handles interactions
with the user. The usage manager module 1403 unpackages the
secure package 40. It uses the control data parser module
1404, the decryption module 1405, the format modules 1406, and
the security modules 1407.

The format modules 1406 comprise program code, which is
necessary to handle the data objects in their native format,
such as decompression and data format procedures. The security
modules 1407 comprise program code required to implement
security above the lowest level, such as access control, usage
control and more sophisticated decryption than what is
provided by the basic decryption module 1405.

The user program 35 can contain many different types of both
format and security modules. However, they should be
complementary with the format and security modules used in the
corresponding data packaging program. The usage manager module
1401 applies the format and security modules which are
necessary to use a data object and which are specified in its
control data. If the proper format and security modules are
not available for a particular data object, the usage manager
module 1403 will not permit any usage.

The decryption module 1405 can be the above-mentioned
FileCrypt Visual Basic subprogram or some other commercially
available decryption program. It can also be a custom designed
decryption module. The only restriction is that the decryption
module used in the user program is complementary with the
encryption module of the data packaging program.

The control data parser module 1403 performs the reverse
process of the control data creation module 304 in FIG. 3.

The user program 35 can have code which controls use of the
program by password or by any other suitable method. A
password may be added in a password control element during
packaging of the data object. The password is transferred to
the user by registered mail or in any other appropriate way.
In response to the presence of the password control element in
the control data structure, the user program [...] with the
password in the control data, [...] continues, otherwise it
[...].

[...] user program [...] procedures which alter the behavior
of the program (e.g. provide filters for children) according
to the control data of the user object 41. It is important to
mention that the user program 35 never stores the object in
native format in user accessible storage and that during
display of the data object the print screen key is trapped.

The file transfer program 1409 can transfer and receive files
via network to and from other data processors.

Since the data object is repackaged into the secure package
after the usage, the user program should also include program
code for repackaging the data object. The program code could
be the same as that used in the corresponding data packaging
program 19. It could also be a separate program which is
called from the user program.

Operation of the User Program:

The operation of an embodiment of the user program 35 will now
be described with reference to the block diagram of FIG. 14
and the flow diagram of FIG. 15.

First the user receives a data package 40 via file transfer
over a network, or on a storage media such as CD-ROM or
diskette, or by any other appropriate means, step 1501. He
then stores the data package as a file on his data processor,
step 1502.

When the user wants to use the data object, he starts the user
program 35, step 1503. Then he requests usage of the data
object, step 1504. The request is received by the user
interface module 1402, which notifies the control module 1401
of the usage request. The control module 1401 calls the usage
manager module 1403 and passes the usage request. The usage
manager module 1403 reads the format code from the data
package to determine the control data format. Then it calls
the decryption module 1405 to decrypt and extract the control
data from the data package. The usage manager module 1403
applies the decryption module 1405 incrementally to decrypt
only the control data. Finally, it stores the control data in
memory, step 1505.

The usage manager module 1403 then calls the control data
parser module 1404 to extract the data fields from the usage
elements.

The usage manager module 1403 then compares the user request
for usage with the corresponding control data, steps
1506-1507. If the requested usage is not permitted in the
control data, the requested usage is disabled, step 1508.
However, if the requested usage is approved of in the control
data, the usage manager module 1403 applies any format and
security modules 1406, 1407 specified in the header data or
usage data, steps 1509-1514, to the data package.

Then the usage manager module 1403 calls the decryption module
1405, which decrypts the object data, step 1515, whereafter
the requested usage is enabled, step 1516. In connection with
the enabling of the usage, the control data may need to be
updated, step 1517. The control data may for instance comprise
a data field indicating a limited number of usages. If so,
this data field is decremented by one in response to the
enabling of the usage. When the user has finished usage of the
data object, the user program 35 restores the data package in
the secure form by repackaging it, step 1518. More
particularly, the data object and the usage elements are
reconcatenated and reencrypted. Then the header elements are
added and the thus-created package is stored in the user's
data processor.

Example 1 contd.

A specific example of how the user program operates will now
be described with reference to FIGS. 6 and 15. The example is
a continuation of Example 1 above, where an artist created an
image and sent it to a bulletin board.

Assume that a user has found the image at an electronic
bulletin board (BBS) and is interested in using it. He then
loads the data package 40 containing the image to his data
processor and stores it as a file in the bulk storage. The
user then executes the user program 35 and requests to preview
the image. The user program then performs steps 1505-1507 of
the flow diagram in FIG. 15. The request for a preview of the
image is compared with the data field of the usage element
"code for usage type approved". In this example, the code 9
designates that previews are permitted. Thus the requested
preview is OK. Then, the user program 35 performs step
1509-1515 of FIG. 15. Since the format code "a" and the
security code "b" of the header data indicate that neither
conversion nor decompression, nor security treatment [...]
data. The usage manager module 1403 then displays the preview
on the user's data processor and passes control back to the
user interface 1402.

When the user is finished previewing the image, the user
interface module 1402 displays the costs for usage of the
image in accordance with the price usage data of the control
data ("price for single use" and "price for unlimited use" in
FIG. 6) and prompts the user to enter a purchase request. The
user decides to buy unlimited use of the image, and the user
interface module 1402 inputs purchase information, such as an
identification, billing, and address for that request and
passes the request to the control module 1401. The control
module calls the file transfer program 1409, which dials the
artist's dial-up number as indicated in the usage data
("control element for artist's phone number" in FIG. 6) and
transfers the request and purchase information to a broker
program on the artist's data processor. Upon approval of the
purchase, the broker program returns a file containing an
update for "usage type approved" control elements. The update
is "10" for the usage type approved, which in this example
indicates that unlimited use by that user is permitted. The
file transfer program 1409 passes this update to the usage
manager module 1403 which updates the control data with the
"usage type approved" code. The user interface module 1402
then displays a confirmation message to the user.

Subsequently, the user interface module inputs a request to
copy the image to a file packaged according to this invention,
on the user's machine. The usage manager module then compares
the user request with the control data. The usage manager
module examines the data field for "Usage type approved",
which now is "00". The usage manager module copies the image
to the file.

When the user is finished with the image, the usage manager
module 1403 repackages the image as before except with updated
control data. This repackaging process is exactly like that
shown in FIG. 4, except that the header and usage data already
exist, so the process starts after step 406 where control data
is created.

Improved Security

If the data object provider wants to improve the security of a
data package containing a data object, a security module 307
containing a sophisticated encryption algorithm, such as RSA,
could be used. In that case the packaging module 303 calls the
security module 307 in step 412 of the flow diagram of FIG. 4.
The security module encrypts the image and [...] a security
algorithm code to the control data creation module 302, which
adds a control element for the security module code, which
will be detected by the user program 35. Then the data
packaging continues with step 414. When the data package is
sent to the user, the public key is mailed to the user by
registered mail. When the user program is executed in response
to a request for usage of this data object, the usage manager
module will detect the security module code in the control
data and call the security module. [...] module [...] control
to the [...] interface module which requests the user to input
the public key. If the key is correct, the security module
applies complementary [...] using that key and passes a usage
approved [...] to the usage manager module, which enables the
[...].

[...] another example of improved security, a security module
implements an authorization process, according to which each
usage of the data object requires a dial up to the data
processor of the data object provider. When the corresponding
security module [...] relevant [...] module passes a request
for authorization to the control module 1401, which calls the
file transfer [...] provider's dial-up number, which is
indicated in a usage element and transfers the request for
authorization of usage. Upon a granted authorization, the data
provider's data processor returns a usage approved message to
the user security module, which forwards the approval to the
usage control module, which enables one usage. If the user
requests further usages of the data object, the authorization
process is repeated. This procedure results in a permanent
data object security.

Example 2 contd.

A further specific example of how the user program 35 operates
will now be described with reference to FIG. 16. The example
is a continuation of Example 2 above, where a user purchased
two viewings of a video film from a broker.

The user wants to play the video which was purchased and
transferred from the broker. The user applies the user program
35, step 1601, and requests to play the video, step 1602. The
user program 35 first examines the user set of control data
60, step 1603. In this example, the user program 35 contains
only those format and security modules for objects with format
code of 0010 and with a security code of 0010. Consequently,
only those types of data objects may be used. If the program
encounters other codes it will not enable the usage action,
step 1604-1605.

Next, the user program 35 compares the first control element
data which is 1, for educational users only, to user
information entered by the user on request of the user
program. Since the user type entered by the user is the same
as that indicated in the first usage element the process
continues, steps 1606-1607. Then the user program checks the
second control element data which specifies that the number of
plays purchased is 2. Consequently, the usage is enabled, step
1609. The user program applies the decryption module with the
universal key and the AVI format video is displayed on the
display unit 29. Then, the second control element data is
decremented by one, step 1610. Finally, the video is
repackaged, step 1611.

Implementation of Variable and Extensible Object Control:

Object control is achieved through the interaction of the data
packaging program 19 and the usage program 35 with the control
data. Variation of object control can be applied to a
particular object by creating a control data format with
control elements defining the control variation and the
circumstances in which the variation is applied. Program
procedures should then be added to program modules to process
the control elements. For example, suppose a broker wants to
allow students to print a particular article for free but
require business users to pay for it. He defines control
elements to represent the user types student and business and
the associated costs for each. He then adds program logic to
examine the user type and calculate costs accordingly. Object
control is extensible in the sense that the control data
format can have as many elements as there are parameters
defining the rules for object control.
Implementation of Variable and Extensible Object Security: 
Object security is also achieved through the interaction of 
the data packaging program 19 and the user program 35 with 
the control data. Security process and encryption/decryption 
algorithms can be added as program modules. Variation of 
object security can be applied to a particular object by 
creating a control data format with control elements defining 
the security variation and the circumstances in which the 
variation is applied. Program procedures should be added to 
program modules to process the control elements. For 
example, suppose a broker wants to apply minimal security 
to his collection of current news articles but to apply tight 
security to his encyclopedia and text books. He defines a 
control element for security type. He then adds program 
logic to apply the security algorithms accordingly. Object 
security is extensible in the sense that multiple levels of 
security can be applied. The level of security will of course 
be dependent on the encryption/key method which is 
implemented in the security modules. One level of security may 
be to require on-line confirmation when loading a data 
object to the user's data processor. This can be implemented 
in program code in a security module. This permits the 
broker to check that the object has not already been loaded 
as well as double check all other parameters. 

It is also important to have version control with time 
stamping between the usage program and the user's control 
database. Otherwise the database can be duplicated and 
reapplied to the user program. The user program can place 
a time stamp in the control database and in a hidden system 
file each time the control database is accessed. If the time 
stamps are not identical, the control database has been 
tampered with and all usage is disabled. Program code for 
handling time stamps can reside in a security module. 
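
The time stamp check described above, shown against a control database that is copied after a purchase and put back after the viewings are used up. This Python example is added here and is not part of the patent text; the JSON control database, the `.stamp` file standing in for the hidden system file and all function names are assumptions.

```python
import json
import os
import shutil
import tempfile
import time


class TamperedDatabase(Exception):
    """The two time stamps disagree, so all usage is disabled."""


def _write_stamp(db_path, stamp_path, db, previous):
    # Strictly increasing, so two accesses never share a stamp even when the
    # clock stalls or is set back.
    stamp = max(time.time_ns(), previous + 1)
    db["stamp"] = stamp
    with open(db_path, "w") as handle:
        json.dump(db, handle)
    with open(stamp_path, "w") as handle:
        handle.write(str(stamp))


def create_database(db_path, stamp_path, viewings):
    """Record a purchase and place the first stamp in both locations."""
    _write_stamp(db_path, stamp_path, {"viewings": viewings}, 0)


def open_database(db_path, stamp_path):
    """Compare the stamps, then re-stamp both files for this access."""
    with open(db_path) as handle:
        db = json.load(handle)
    with open(stamp_path) as handle:
        expected = int(handle.read())
    if db.get("stamp") != expected:
        raise TamperedDatabase("control database does not match the stamp file")
    _write_stamp(db_path, stamp_path, db, expected)
    return db


def play(db_path, stamp_path):
    """Enable one viewing if any is left and decrement the usage element."""
    db = open_database(db_path, stamp_path)
    if db["viewings"] < 1:
        return False
    db["viewings"] -= 1
    _write_stamp(db_path, stamp_path, db, db["stamp"])
    return True


def demo():
    """Two purchased viewings, a third attempt, then a restored old database."""
    with tempfile.TemporaryDirectory() as folder:
        db_path = os.path.join(folder, "control.db")
        stamp_path = os.path.join(folder, ".stamp")   # stand-in for the hidden file
        backup = os.path.join(folder, "control.bak")
        create_database(db_path, stamp_path, 2)
        shutil.copy(db_path, backup)                  # database is duplicated
        results = [play(db_path, stamp_path) for _ in range(3)]
        shutil.copy(backup, db_path)                  # and reapplied
        try:
            results.append(play(db_path, stamp_path))
        except TamperedDatabase:
            results.append("disabled")
        return results


if __name__ == "__main__":
    print(demo())
```

The check detects a restored database only while the second stamp is stored where the restore does not reach it, which is the role the page gives to the hidden system file.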
Handling Composite Objects: 

A composite object can be handled by defining a control 
data format with control elements defining relationships 
between constituent objects and by defining a parent/child 
element and a related object id element. For example, 
suppose a broker wants to include a video and a text book 
in an educational package. He creates a parent object with 
control elements referring to the video and textbook objects. 
He also includes control elements in the control data for the 
video object and the textbook object referring to the parent 
object. Finally, he adds program procedures to program 
modules to process the control elements. 

In other words, when the data object is a composite data 
object including at least two constituent data objects, a 
respective general set of control data is created for each of 
the constituent data objects and the composite data object. In 
response to a request from a user, a respective user set of 
control data is created for each of the constituent data objects 
as well as for the composite data object. 

Examples of various data package structures for composite 
objects are given in FIG. 17. 

Another side of composite objects is when the user wants 
to combine data objects for some particular use. Combination 
is a usage action that must be permitted in each 
constituent data object. A new data object is created with 
control data linking the constituent data objects. Each 
constituent data object retains its original control data which 
continues to control its subsequent usage. 

When a user requests authorization for usage of one 
constituent data object in a composite data object, a user set 
of control data is created only for that constituent data object 
and concatenated only with a copy of that constituent data 
object. 

Scaleable Implementation: 

The flexible control data structure and modular program 
structure permit almost boundless extensibility with regard 
to implementation of the owner's requirements for usage 
control and royalty payment. The control data structure can 
include control elements for complex user types, usage 
types, multiple billing schemes, artistic or ownership credit 
requirements and others. Security modules can be included 
which interact with any variation of the control data 
structure and the control data. Security modules could require a 
dial up to the broker's data processor to approve loading or 
usage actions and to implement approval authentication 
mechanisms. 
User Acting as a Broker: 

A limited or full implementation of the broker's data 
packaging program can be implemented on the user's 
machine to permit further distribution or reselling. However 
only those data objects with control data permitting further 
distribution or reselling are enabled in that way. 
Rebrokering 

An author of a data object may want to allow his original 
broker to distribute his data object to other brokers who 
will also distribute his image. He then includes a control 
element which enables rebrokering in the control data before 
distributing the data object with its associated control data to 
the original broker. Upon request for rebrokering, the 
original broker copies the general set of control data and updates 
the copy to create a user set of control data which will 
function as the general set of control data on the subsequent 
broker's data processor. The original broker packages the 
data object with the user set of control data and transfers the 
package to the subsequent broker. The subsequent broker 
then proceeds as if he were an original broker. 
Automated Transaction Negotiation 

This is an example of how the predetermined conditions 
for usage included in the control data can be used for 
achieving automated transaction negotiation. 

Suppose some company wants to provide a computer 
automated stock trading. Buy and sell orders could be 
implemented in the form of data packages and a user 
program could process the data packages and execute trans- 
actions. Data packages could carry digital cash and manage 
payment based on conditions defined in the control data. 

In this example, the buy order is created using a data 
packaging program according to the invention on the buyer's 
data processor. The sell order is created using the data 
packaging program on the seller's data processor. Both 
orders are used by the user program on the stock trader's 
data processor. The usages would take the form of using a 
sell order data package to sell stock and a buy order data 
package to buy stock. The rules or conditions for buying and 
selling stocks could be indicated in the control data of the 
packages. The data object consists of digital money. In this 
context it is important to remember that digital money is 
merely data which references real money or virtual money 
that is issued and maintained for the purpose of digital 
transactions. 

In this example the buyer starts with a digital money data 
file. He uses the data packaging program to create control 
data, e.g. kind of stock, price, quantity, for the purchase, and 
he then packages the digital money data file and the control 
data into a secure package as described above. 

The seller starts with an empty data file. This empty file 
is analogous to the digital money data file except it is empty. 
The seller creates control data, e.g. kind of stock, price, 
quantity, and packages the empty file and the control data 
into a secure package. 

Both the sell order package and the buy order package are 
transferred to the data processor of the stock trading 
company, where they are received and stored in the memory. 
The user program of the stock trading company examines 
the control data of the buy and sell order packages in the 
same way as has been described above and looks for a 
match. Upon identifying matched buy and sell orders the 
user program executes a transaction, whereby the digital 
money is extracted from the buy order data package and 
transferred to the sell order package. Then the control data 
of the data packages is updated to provide an audit trail. Both 
packages are repackaged in the same manner as they were 
previously packaged and then transferred back to their 
authors. 

The above described technique could be used for selling 
and buying any object as well as for automated negotiations. 
Payment may be carried out in other ways than by digital 
money. 

In the general case, the data processor of the user decrypts 
the usage control elements of the user sets of control data 
and examines the usage control elements to find a match. In 
response to the finding of a match, the user's data processor 
carries out an action which is specified in the user set of 
control data. 

We claim: 

1. A method for managing a data object so as to comply 
with control conditions for usage of the data object, com- 
prising the steps of: 

storing the data object in a memory device, where it is 
accessible by means of a data object provider's data 
processor; 

providing a variable number of control conditions for 
usage of the data object; 

creating, by said data processor, a general set of control 
data for the data object based on said variable number 
of control conditions for usage, said general set of 
control data comprising at least one or more usage 
control elements defining usages of the data object 
which comply with said variable number of control 
conditions, 

storing said general set of control data in a memory 
device, where it is accessible by said data processor; 

concatenating the general set of control data with a copy 
of the data object; and 

encrypting at least the copy of the data object and said one 
or more usage control elements to create a secure data 
package which is ready for transfer to a user. 

2. A method as set forth in claim 1, wherein the step of 
encrypting comprises encrypting the data object and the 
general set of control data. 

3. A method as set forth in claim 1, wherein the step of 
creating control data comprises creating an identifier which 
uniquely identifies the general set of control data. 

4. A method as set forth in claim 1, wherein the step of 

5. A method as set forth in claim 1, wherein the step of 
creating a general set of control data comprises creating a 
format control element which identifies the format of the 
control data. 

6. A method as set forth in claim 1, further comprising the 
steps of receiving in said data processor a request for 
authorization for usage by a user; comparing the usage for 
which authorization is requested with said one or more 
usage control elements of the general set of control data and 
granting the authorization if the usage for which 
authorization is requested complies with the usages defined by said 
one or more usage control elements. 

7. A method as set forth in claim 6, further comprising the 
step of securing payment for the requested authorization for 

15 usage before granting the authorization. 

8. A method as set forth in claim 1, comprising the further 
steps of: 

receiving the data package in a user's data processor; 
storing the data package in a memory device where it is 

accessible by means of the user's data processor; 
decrypting said one or more usage control elements; 
checking, in response to a request by the user for usage of 
the data object, whether the requested usage complies 
with the usage defined by the at least one usage control 
element of the general set of control data; 
decrypting, in response to the requested usage complying 
with the usage defined by the at least one usage control 
element of the general set of control data, the data 
object and enabling the requested usage, otherwise 
disabling it. 

9. A method as set forth in claim 8, comprising the further 
steps of reconcatenating, after the usage of the data object, 
the data object and the one or more usage control elements, 
reencrypting at least the data object and the one or more 
usage control elements, and storing the thus-repackaged data 
package in the memory of the user's data processor. 

10. A method for controlling the usage by a user of a data 
object so as to comply with control conditions for usage of 

40 the data object, comprising the steps of: 

providing a varible number of control conditions for 

usage of the data object; 
storing a data package in a memory device, where it is 
^ accessible by means of a data processor of the user, said 
data package comprising the data object and control 
data, which comprises at least one usage control ele- 
ment defining a usage of the data object which com- 
plies with the variable number of control conditions, 
the data object and said at least one usage control 
element being encrypted; 
receiving a request by the user for usage of the data 
object; 

decrypting the control data; 

checking, in response to the request by the user for usage 
of the data object, whether the requested usage com- 
plies with the usage defined by the at least one usage 
control clement of the control data; and 
decrypting, in response to the requested usage complying 
with the usage defined by the at least one usage control 
element of the control data, the data object and enabling 
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the requested usage, otherwise disabling it. 
11. A method as set forth in claim 10, wherein the usage 
control element is updated after the at least one usage of the 
creating a general set of control data comprises creating a 65 data object, 
security control element which identifies a security process 12. A method as set forth in claim 10, wherein said control 

to be applied before usage of the data object is allowed. data comprises an indication of the number of times the user 



5.845,281 



19 



25 



is authorized to use the daia objeel in accordance with said 
al least one usage control eJemem; 

wherein the requested usage of the data object is only 
enabled when said number of limes is one or more; and 
wherein said number of times is decremented by one 5 
wheD the requested usage is enabled. 

13. A method as set forth in claim 10, wherein the control
data comprise a security control element, and further
comprising the step of carrying out, before each usage of the data
object, a security procedure defined in the security control
element.

14. A method as set forth in claim 10, wherein the step of
checking whether the requested usage complies with the
usage defined by the at least one usage control element
comprises the step of checking that the user's data processor
is capable of carrying out a security procedure specified in
a security control element of the at least one usage control
element, and if not, disabling the usage.

15. A method as set forth in claim 10, comprising the
further steps of reconcatenating, after the usage of the data
object, the data object and the one or more usage control
elements, reencrypting at least the data object and the one or
more usage control elements, and storing the thus-repackaged
data package in the memory of the user's data
processor.
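
The user-side flow of claims 10, 12 and 15 (decrypt the control data, check the requested usage, decrement the count, repackage), as an added Python example that is not part of the patent text. The JSON control layout, the `remaining` field, all function names and the HMAC-SHA256 stand-in cipher with its integrity tag are assumptions; the claims themselves require only encryption.

```python
import hashlib, hmac, json, os

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, stdlib only.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _seal(key, plaintext):
    nonce = os.urandom(16)
    pad = _stream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = nonce + bytes(a ^ b for a, b in zip(plaintext, pad))
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()

def _open(key, blob):
    body, tag = blob[:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, want):
        raise ValueError("package failed integrity check")
    nonce, ct = body[:16], body[16:]
    pad = _stream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, pad))

def package(key, control, data_object):
    """Concatenate sealed control data with the sealed data object."""
    ctrl = _seal(key, json.dumps(control, sort_keys=True).encode())
    return len(ctrl).to_bytes(4, "big") + ctrl + _seal(key, data_object)

def use(key, pkg, usage):
    """Return (data_object or None, package to store back)."""
    n = int.from_bytes(pkg[:4], "big")
    control = json.loads(_open(key, pkg[4:4 + n]))   # decrypt control data only
    rule = control["usages"].get(usage)
    if rule is None or rule["remaining"] < 1:
        return None, pkg                             # disabled; object stays encrypted
    data_object = _open(key, pkg[4 + n:])            # decrypt only after the check
    rule["remaining"] -= 1                           # claim 12: decrement by one
    return data_object, package(key, control, data_object)  # claim 15: repackage

# Constructed sample: key, control data and object are illustrative only.
KEY = b"\x01" * 32
PKG = package(KEY, {"id": "demo-1", "usages": {"view": {"remaining": 2}}}, b"report body")
```

Because the count lives inside the package, a deployment also needs a freshness check held outside it (for example a monotonic counter in protected storage), since an older stored copy still carries its older count.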

16. A system for managing a data object so as to comply 
with control conditions for usage of the data object, com- 
prising 

means for providing a variable number of control
conditions;

first means in the data object provider's data processor for
creating a general set of control data for the data object
based on the variable number of control conditions for
usage, said general set of control data comprising at
least one or more usage control elements defining
usages of the data object which comply with the
variable number of control conditions;

storing means, which are accessible by means of said data
processor, for storing the data object and the general set
of control data;

concatenating means for concatenating the general set of
control data with a copy of the data object; and

encrypting means for encrypting the copy of the data
object and at least said one or more usage control
elements to create a secure data package, which is
ready for transfer to a user.

17. A system as set forth in claim 16, wherein the general
set of control data comprises a control data element which
defines the right to further distribution of the data object by
the user.

18. A system for controlling the usage by a user of a data
object so as to comply with control conditions for usage of
the data object, comprising:

means for providing variable number of control condi- 
tions; 

storing means for storing a data package which comprises
a data object and a control data comprising at least one
usage control element defining a usage of the data
object which complies with the variable number of
control conditions;

means for decrypting the at least one usage control
element and the data object;

checking means for checking whether a usage requested 
by the user complies with the usage defined by said at 
least one usage control element; 
enabling means for enabling the usage requested by the
user when the usage complies with the usage defined by
said at least one usage control element; and

disabling means for disabling the usage requested by the
user when the usage does not comply with the usage
defined by said at least one usage control element.

19. A system as set forth in claim 18, further comprising 
means for repackaging the data object after usage thereof. 

20. A method for controlling the usage by a user of data 
objects so as to comply with predetermined conditions for 
usage of the data objects, comprising the steps of: 

storing at least two data packages in a memory device,
where they are accessible by a data processor of the
user, each said data package comprising a data object
and a user set of control data, which comprises at least
one usage control element defining a usage of the data
object which complies with the predetermined
conditions, the data object and said at least one usage
control elements being encrypted;

decrypting the usage control elements of the user sets of
control data;

examining the usage control elements of said at least two
data packages to find a match;

using, in response to the finding of a match, the data
processor to carry out an action, which is specified in
the user sets of control data.

21. A method as set forth in claim 20, comprising the
further steps of updating the at least one usage control
element of each data package, concatenating after the usage
of the data objects, each of the data objects and its at least
one usage control element, reencrypting each of the
concatenated data objects and its at least one usage control element
and transferring the repackaged data objects to their creators.

22. A method for managing a data object so as to comply
with predetermined conditions for usage of the data object,
comprising the steps of:

storing the data object in a memory device, where it is 
accessible by means of a data object provider's data 
processor; 

providing control conditions for usage of the data object;

creating, by said data processor, a general set of control
data for the data object based on said control conditions
for usage, said general set of control data comprising at
least one or more usage control elements defining
usages of the data object which comply with said
control conditions;

storing said general set of control data in a memory
device, where it is accessible by said data processor;

concatenating the general set of control data with a copy
of the data object;

encrypting at least the copy of the data object and said one
or more usage control elements to create a secure data
package which is ready for transfer to a user;

creating, in response to a request for authorization for
usage of the data object by a user, a user set of control
data, which comprises at least a subset of the general
set of control data, including at least one of said usage
control elements;

using the user set of control data instead of the general set
of control data in said concatenating step;

using the at least one or usage control element of the user
set of control data instead of the one or more usage
control elements of the general set of control data in the
encrypting step; and

checking, before allowing transfer of the data package to
the user, that said request for authorization for usage of
the data object has been granted.

23. A method as set forth in claim 22, wherein the data
object is composed of at least two constituent data objects
and wherein the user set of control data, in response to a
request for authorization for usage of one of said constituent
data objects by a user, is created only for that constituent
data object and concatenated only with a copy of that
constituent data object.

24. A method as set forth in claim 22, wherein the data
provider's data processor is connected to a data network and
the request for authorization is received from a data
processor of the user, which is also connected to the data network,
further comprising the step of transferring the data package
through the data network to the user's data processor.

25. A method as set forth in claim 22, wherein the data
object is a composite data object including at least two
constituent data objects and wherein the step of creating a
general set of control data comprises the step of creating a
respective general set of control data for each of the
constituent data objects and the composite data object and
wherein the step of creating a user set of control data
comprises the step of creating a respective user set of control
data for each of the constituent data objects and the
composite data object.

26. A method as defined in claim 22, comprising the
further step of storing a copy of the user set of control data
in the data object provider's processor.

27. A method as defined in claim 22, comprising the 
further steps of: 

receiving the data package in a user's data processor; 

storing the data package in a memory device where it is
accessible by means of the user's data processor;

decrypting the at least one usage control element of the 
user set of control data; 

checking, in response to a request by the user for usage of
the data object, whether the requested usage complies
with the usage defined by the at least one usage control
element of the user set of control data; and

decrypting, in response to the requested usage complying
with the usage defined by the at least one usage control
element of the user set of control data, the data object
and enabling the requested usage, otherwise disabling
it.

28. A method as set forth in claim 22, further comprising:

receiving the data package in a user's data processor;

storing the data package in a memory device where it is
accessible by means of the user's data processor;

decrypting the at least one usage control element of the
user set of control data;

checking, in response to a request by the user for usage of
the data object, whether the requested usage complies
with the usage defined by the at least one usage control
element of the user set of control data;

decrypting, in response to the requested usage complying
with the usage defined by the at least one usage control
element of the user set of control data, the data object
and enabling the requested usage, otherwise disabling
it; and

reconcatenating, after the usage of the data object, the
data object and the one or more usage control elements
of the user set of control data, and reencrypting at least
the data object and the one or more usage of the user set
of control data.

29. A system for managing a data object so as to comply 
with control conditions for usage of the data object, com- 
prising: 

first means in the data object provider's data processor for
creating a general set of control data for the data object 
based on the predetermined conditions for usage, said 
general set of control data comprising at least one or 
more usage control elements defining usages of the data 
object which comply with the predetermined condi- 
tions; 

storing means, which are accessible by means of said data 
processor, for storing the data object and the general set 
of control data; 

concatenating means for concatenating the general set of 
control data with a copy of the data object; 

encrypting means for encrypting the copy of the data 
object and at least said one or more usage control 
elements to create a secure data package, which is 
ready for transfer to a user; 

second means in said data processor for creating, in 
response to a request for authorization for usage of the 
data object by a user, a user set of control data, which 
comprises at least a subset of the general set of control 
data, which subset comprises at least one of said usage 
control elements; 

using the user set of control data instead of the general set 
of control data in the storing means; 

using the user set of control data instead of the general set 
of control data in the concatenating means; 

using the user set of control data instead of the general set 
of control data in the encrypting means; and 

checking means in said data processor for checking that 
said request for authorization for usage of the data 
object has been granted before allowing transfer of the 
data package to the user. 



